EU justice officials were targeted by Pegasus spyware
Pegasus spyware developed by the notorious Israeli NSO Group can hack iPhones through vulnerabilities without interaction. NSO makes money by selling Pegasus spyware to government agencies in some countries. Earlier public reports showed that some governments in Africa and the Middle East purchased Pegasus spyware for intrusion, and even EU member states had government agencies that purchased Pegasus spyware. The latest news disclosed by Reuters is that EU judicial officials have been attacked by Pegasus spyware. The attack should take place before November 2021, but the relevant information has only been disclosed now.
Documents revealed that the European Commissioner of Justice was hacked with Pegasus spyware, while four other staff members working on other EU commissions were also targeted. Apple sent an attack alert to thousands of users after discovering the attack in November, but the exact list of those affected was not disclosed. The email, which Reuters reviewed, stated: “Given the nature of your responsibilities, you are a potential target.”
However, for non-technical people, Apple’s warnings may be ignored, so a senior EU technician directly reminded everyone to pay attention to Apple’s warnings and beware of spyware attacks through mass emails. The surveillance of even judicial officials is clearly a major issue for the EU, although the EU has not released official information on the incident.
The United States has passed relevant laws to prohibit any person or organization in the United States from importing or exporting Pegasus spyware, and it is estimated that the European Union will do the same in the future. In EU member states, German police were found to have purchased Pegasus spyware, which was only revealed during an audit. At that time, the German police said that it was originally intended to be used for anti-terrorism purposes, but it was not used later.
Pegasus spyware previously launched an attack through the iMessage zero-click vulnerability. As long as the target user’s mobile phone number is known, it can send a specially crafted text message to intrude, without any user interaction and without any abnormality. After a successful intrusion, it can be monitored in all directions, including turning on the camera, microphone, monitoring calls, text messages, stealing photo albums, memos, and more.
Apple has fixed the vulnerability since it was discovered last year, but NSO buys the vulnerability of the iOS system at an extremely high price in the black market, so this offensive and the defensive battle will not stop there.